const mysql = require('./../database');

module.exports.login = async (name,password,verifyCode) => {
    //密码MD5加密
  let hash = crypto.createHash('md5');
  hash.update(password);
  password = hash.digest('hex');
  // console.log('user：'+ name +",加密后的密码："+password);
  //mysql.escape(name)防止用户提交的数据里用Sql注入攻击
  let query = 'SELECT * FROM user WHERE userName=' + mysql.escape(name) + 'AND password=' + mysql.escape(password);
  mysql.query(query, function (err, rows, fields) {
    if (err) {
      //打印的内容均在服务器的命令行窗口中，不会在浏览器中打印
      console.log(err);
      return;
    }
    let user = rows[0];
    if (!user) {
      res.send({ message: '用户名或者密码错误', login: false });
      return;
    }
    // if (verifyCode != req.session.captcha) {
    //   res.render('login', { message: '验证码错误' });
    //   return;
    // }
    req.session.user = user;
    res.send({ login: true, user: req.session.user })
  });
}